[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] February Hack Update

Subject: Re: [cobalt-security] February Hack Update
From: "Kevin D" <kdlists@xxxxxxxxxxxxxxx>
Date: Mon, 5 Mar 2001 11:36:34 -0500
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

> most rootkits install trojaned versions of _at least_ ps and netstat
> you are likley opening up more holes to your attacker than you did before
by
> running those files.

You could portscan the server from a remote location to ensure that no stray
ports are open. While restoring all binaries would be the best solution, its
not always practical, and restoring just key binaries (su, bash, login, sh,
netstat, ps, etc.) could do the trick.

Kevin

Follow-Ups:
- Re: [cobalt-security] February Hack Update
  - From: Mike Coltart

References:
- Re: [cobalt-security] Qube 3 and VPN...
  - From: Gossi The Dog
- [cobalt-security] February Hack Update
  - From: Lawrence Frewin of Accommodation.com
- Re: [cobalt-security] February Hack Update
  - From: Marc Gear

Prev by Date: RE: [cobalt-security] HACK on RAQ3i
Next by Date: [cobalt-security] Re: [Security] /usr/bin/Mail buffer overflow
Previous by thread: Re: [cobalt-security] February Hack Update
Next by thread: Re: [cobalt-security] February Hack Update

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index